CN117294529A - Abnormal login detection method and system for intelligent medical platform - Google Patents
- Publication number: CN117294529A
- Authority: CN (China)
- Prior art keywords: users, behavior, user, matrix, preset threshold
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Abstract
The invention discloses a method and a system for detecting abnormal logins on an intelligent medical platform, belonging to the technical field of network security. The method comprises: acquiring a plurality of behavior data items of each user after login to the platform and storing them in a behavior database; generating a behavior matrix for each user from the behavior database, normalizing the behavior matrix to generate a standardized matrix, and calculating each user's behavior score using the Euclidean distance; counting the behavior scores and registration durations of all users, calculating the ratio of each user's behavior score to the registration duration, and marking users whose ratio is greater than a preset threshold as pending users; counting each user's total number of accesses within the registration duration, and marking pending users whose total number of accesses is greater than a preset threshold as suspicious users; and acquiring the number of medical fields visited by a pending user within the registration duration and the corresponding numbers of visits, and judging whether the pending user is an abnormal login user. The invention thereby identifies abnormal login access to the medical platform automatically.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a method and a system for detecting abnormal login of an intelligent medical platform.
Background
With the development of new and advanced technology in the medical field, medical platform systems have gradually come into wide public use. As mobile internet applications deepen, certain unlawful individuals, channel-partner personnel and external malicious attackers, driven by commercial interest, use large numbers of fake accounts to access medical systems. The malicious access wastes server computing power and causes serious, direct business losses to the platform. Typical problems include: automated credential stuffing and brute-force cracking to steal accounts, followed by malicious order brushing and flash-sale sniping; and exploiting defects in the system's login control to log in illegally with privileges beyond those granted, then tampering with and stealing users' sensitive data. These seriously disrupt the normal operation of the medical platform and cause large economic and reputational losses, so identifying illegal, abnormal login accounts is the key to solving the problem.
Common abnormal malicious logins include early-morning logins, logins from a different location (remote logins), bulk logins and repeated frequent access, all of which put great pressure on the capacity of the platform's servers. Current checks for abnormal malicious account logins usually match against static rules in a single dimension and consider neither the user's own operating habits nor those of the group the user belongs to, which produces many false positives and missed detections in practice.
Disclosure of Invention
The invention aims to provide an abnormal login detection method and system for an intelligent medical platform, which solve the following technical problems:
Common abnormal malicious logins include early-morning logins, logins from a different location (remote logins), bulk logins and repeated frequent access, all of which put great pressure on the capacity of the platform's servers. Current checks for abnormal malicious account logins usually match against static rules in a single dimension and consider neither the user's own operating habits nor those of the group the user belongs to, which produces many false positives and missed detections in practice.
The aim of the invention can be achieved by the following technical scheme:
An abnormal login detection method for an intelligent medical platform comprises the following steps:
acquiring a plurality of behavior data items of each user after login to the platform, storing the behavior data in a behavior database, generating a behavior matrix for each user from the behavior database, normalizing the behavior matrix to generate a standardized matrix, and calculating a behavior score Fin for each user using the Euclidean distance;
counting the behavior scores and registration durations of all users, calculating the ratio of each user's behavior score to the registration duration, screening out the users whose ratio is greater than a preset threshold, and marking them as pending users;
acquiring the number of medical fields accessed within the registration duration and the number of accesses to each medical field, obtaining the total number of accesses M, and marking the pending users whose total number of accesses is greater than a preset threshold as suspicious users;
for suspicious users whose number of accessed medical fields is smaller than a preset threshold, calculating the ratio of the total number of accesses to the registration duration, and judging the user to be an abnormal login user if the ratio is smaller than a preset threshold, and otherwise a normal login user; for suspicious users whose number of accessed medical fields is greater than a preset threshold, generating the access deviation value of the pending user, and judging the suspicious users whose deviation value is smaller than a preset threshold to be abnormal login users, and otherwise normal users.
As a further scheme of the invention: the access deviation value is calculated by the following steps:
Denote the number of medical fields visited by a suspicious user as L and the visit counts of the individual medical fields as M1, M2, …, ML, and obtain the suspicious user's total visit count M. Calculate the difference between each Ml and M/L to generate a difference sequence, calculate the variance of the difference sequence, and take the product of the variance and the registration duration as the deviation value.
As a further scheme of the invention: the behavior data comprises the total login times, the total online time length and the average online time length of each login.
As a further scheme of the invention: the registration duration is the difference in days between the current date and the registration date.
As a further scheme of the invention: the standardized matrix is obtained as follows:
acquiring the total number n of users, and denoting the j-th behavior data item of the i-th user as $x_{ij}$, where i and j are positive integers, $i \le n$ and $j \le 3$;
normalizing the behavior matrix to generate a standardized matrix Z, wherein each normalized element $z_{ij}$ of Z corresponds one-to-one to a behavior data item; the relation between the normalized element $z_{ij}$ and the behavior data $x_{ij}$ is:
,
the normalization matrix Z is then:
。
As a further scheme of the invention: the Euclidean distance is calculated as follows:
defining the set of maxima of the standardized matrix as $Z^+ = (Z_1^+, Z_2^+, Z_3^+)$, where each element of $Z^+$ is the maximum of the corresponding column of the standardized matrix, i.e. $Z^+ = (\max\{z_{11}, z_{21}, \dots, z_{n1}\}, \max\{z_{12}, z_{22}, \dots, z_{n2}\}, \max\{z_{13}, z_{23}, \dots, z_{n3}\})$;
defining the set of minima of the standardized matrix as $Z^- = (Z_1^-, Z_2^-, Z_3^-)$, where each element of $Z^-$ is the minimum of the corresponding column of the standardized matrix, i.e. $Z^- = (\min\{z_{11}, z_{21}, \dots, z_{n1}\}, \min\{z_{12}, z_{22}, \dots, z_{n2}\}, \min\{z_{13}, z_{23}, \dots, z_{n3}\})$;
calculating the Euclidean distance $D_i^+$ between the normalized elements of the i-th user and the maximum $Z^+$, and the Euclidean distance $D_i^-$ to the minimum $Z^-$, with a corresponding weight $\alpha_i$ assigned to the different user behavior data; the Euclidean distances are calculated as:
,
。
As a further scheme of the invention: the user behavior score is calculated as follows:
initial behavior scoring for the ith userNormalizing the initial behavior scores to generate final behavior scores Fin, and then adding the final behavior score of the ith user>。
An abnormal login detection system for an intelligent medical platform comprises:
a data acquisition module, used for acquiring a plurality of behavior data items of each user after login to the platform, storing the behavior data in a behavior database, generating a behavior matrix for each user from the behavior database, normalizing the behavior matrix to generate a standardized matrix, and calculating a behavior score Fin for each user using the Euclidean distance;
a preliminary screening module, used for counting the behavior scores and registration durations of all users, calculating the ratio of each user's behavior score to the registration duration, screening out the users whose ratio is greater than a preset threshold, and marking them as pending users;
a secondary screening module, used for acquiring the number of medical fields accessed within the registration duration and the number of accesses to each medical field, obtaining the total number of accesses M, and marking the pending users whose total number of accesses is greater than a preset threshold as suspicious users;
a result output module, used for calculating, for suspicious users whose number of accessed medical fields is smaller than a preset threshold, the ratio of the total number of accesses to the registration duration, and judging the user to be an abnormal login user if the ratio is smaller than a preset threshold, and otherwise a normal login user; and, for suspicious users whose number of accessed medical fields is greater than a preset threshold, generating the access deviation value of the pending user, and judging the suspicious users whose deviation value is smaller than a preset threshold to be abnormal login users, and otherwise normal users.
The invention has the beneficial effects that:
The method acquires the behavior data of users after they log in to the platform and stores it in a database, then generates user behavior matrices and builds a user behavior model. By jointly considering each user's behavior score and registration duration, it identifies possible pending users; it then analyzes the number of medical fields and the access counts of those pending users within the registration duration, calculates the access deviation value, and detects users with abnormal access behavior on the medical platform, which improves detection accuracy.
Drawings
The invention is further described below with reference to the accompanying drawings.
FIG. 1 is a flow chart of an abnormal login detection method for an intelligent medical platform.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to FIG. 1, the invention discloses a method and a system for detecting abnormal logins on an intelligent medical platform, comprising the following steps:
acquiring a plurality of behavior data items of each user after login to the platform, storing the behavior data in a behavior database, generating a behavior matrix for each user from the behavior database, normalizing the behavior matrix to generate a standardized matrix, and calculating a behavior score Fin for each user using the Euclidean distance;
counting the behavior scores and registration durations of all users, calculating the ratio of each user's behavior score to the registration duration, screening out the users whose ratio is greater than a preset threshold, and marking them as pending users;
acquiring the number of medical fields accessed within the registration duration and the number of accesses to each medical field, obtaining the total number of accesses M, and marking the pending users whose total number of accesses is greater than a preset threshold as suspicious users;
for suspicious users whose number of accessed medical fields is smaller than a preset threshold, calculating the ratio of the total number of accesses to the registration duration, and judging the user to be an abnormal login user if the ratio is smaller than a preset threshold, and otherwise a normal login user; for suspicious users whose number of accessed medical fields is greater than a preset threshold, generating the access deviation value of the pending user, and judging the suspicious users whose deviation value is smaller than a preset threshold to be abnormal login users, and otherwise normal users.
The invention first scores users according to their behavior data and, by comparing the score with the registration duration, screens out users who perform complex login behavior in a short time as well as users with a high number of accesses. Suspicious users with a short registration duration and a large number of accesses are judged directly to be abnormal login users. For suspicious users whose number of accessed medical fields is greater than the preset threshold, the differences between the access counts of the individual medical fields are evaluated: users who access all medical fields heavily within a short time are screened out as abnormal login users, whereas heavy access to all medical fields over a long period is normal user behavior.
In a preferred embodiment of the present invention, the access offset value is calculated by:
Denote the number of medical fields visited by a suspicious user as L and the visit counts of the individual medical fields as M1, M2, …, ML, and obtain the suspicious user's total visit count M. Calculate the difference between each Ml and M/L to generate a difference sequence, calculate the variance of the difference sequence, and take the product of the variance and the registration duration as the deviation value.
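The screening cascade and the access deviation value described above, as an added Python example that is not code from the patent. Every threshold value, the sample users, the status names and the handling of same-day registrations and of a field count exactly equal to its threshold are assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import pvariance


@dataclass
class UserActivity:
    name: str
    fin: float          # behavior score Fin from the scoring step
    reg_days: int       # registration duration: days since registration
    field_visits: dict  # medical field -> visit count within reg_days


@dataclass
class Thresholds:
    """The page only says 'preset threshold'; every value used here is hypothetical."""
    score_per_day: float   # limit for Fin / registration duration
    total_visits: int      # limit for the total visit count M
    field_count: int       # limit for the number of visited fields L
    visits_per_day: float  # limit for M / registration duration
    deviation: float       # limit for the access deviation value


def _days(user):
    # Assumption: an account registered today counts as one day, which also
    # avoids a division by zero.
    return max(user.reg_days, 1)


def access_deviation(user):
    """Variance of (M_l - M/L) over the visited fields, times the registration duration."""
    counts = [c for c in user.field_visits.values() if c > 0]
    if not counts:
        return 0.0
    mean = sum(counts) / len(counts)        # M / L
    diffs = [m - mean for m in counts]      # the difference sequence
    return pvariance(diffs) * _days(user)   # population variance (assumed)


def classify(user, t):
    """Return 'not_flagged', 'pending', 'normal' or 'abnormal' (names are ours)."""
    days = _days(user)
    # Stage 1: behavior score relative to account age marks pending users.
    if user.fin / days <= t.score_per_day:
        return "not_flagged"
    # Stage 2: pending users with a high total visit count become suspicious.
    counts = [c for c in user.field_visits.values() if c > 0]
    total = sum(counts)
    if total <= t.total_visits:
        return "pending"
    # Stage 3a: few fields visited. The comparison direction follows the
    # wording of the method steps on the page.
    if len(counts) < t.field_count:
        return "abnormal" if total / days < t.visits_per_day else "normal"
    # Stage 3b: many fields visited (a count equal to the threshold is placed
    # here by assumption). Evenly spread heavy access on a young account gives
    # a small deviation value and is flagged.
    return "abnormal" if access_deviation(user) < t.deviation else "normal"


# Constructed sample data, not taken from the page.
THRESHOLDS = Thresholds(score_per_day=0.01, total_visits=500, field_count=3,
                        visits_per_day=100.0, deviation=1000.0)
SAMPLE_USERS = [
    UserActivity("crawler", 0.40, 2,
                 {"cardiology": 300, "oncology": 298, "neurology": 302, "pediatrics": 300}),
    UserActivity("clinician", 0.90, 60,
                 {"cardiology": 900, "oncology": 40, "neurology": 10, "pediatrics": 50}),
    UserActivity("dormant", 0.05, 400, {"cardiology": 12}),
    UserActivity("new_patient", 0.30, 0, {"cardiology": 3}),
]

if __name__ == "__main__":
    for u in SAMPLE_USERS:
        print(f"{u.name:12s} deviation={access_deviation(u):>12.1f} -> {classify(u, THRESHOLDS)}")
```

The first two sample accounts both reach the last stage; only the one with uniform access across every field on a two-day-old account falls below the deviation threshold.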
In another preferred embodiment of the present invention, the behavior data includes a total number of logins, a total online time period, and an average online time period per login.
In another preferred embodiment of the present invention, the registration duration is a difference in number of days between a current date and a registration date.
In another preferred embodiment of the present invention, the standardized matrix is obtained as follows:
acquiring the total number n of users, and denoting the j-th behavior data item of the i-th user as $x_{ij}$, where i and j are positive integers, $i \le n$ and $j \le 3$;
normalizing the behavior matrix to generate a standardized matrix Z, wherein each normalized element $z_{ij}$ of Z corresponds one-to-one to a behavior data item; the relation between the normalized element $z_{ij}$ and the behavior data $x_{ij}$ is:
,
the normalization matrix Z is then:
。
In a preferred case of this embodiment, the Euclidean distance is calculated as follows:
defining the set of maxima of the standardized matrix as $Z^+ = (Z_1^+, Z_2^+, Z_3^+)$, where each element of $Z^+$ is the maximum of the corresponding column of the standardized matrix, i.e. $Z^+ = (\max\{z_{11}, z_{21}, \dots, z_{n1}\}, \max\{z_{12}, z_{22}, \dots, z_{n2}\}, \max\{z_{13}, z_{23}, \dots, z_{n3}\})$;
defining the set of minima of the standardized matrix as $Z^- = (Z_1^-, Z_2^-, Z_3^-)$, where each element of $Z^-$ is the minimum of the corresponding column of the standardized matrix, i.e. $Z^- = (\min\{z_{11}, z_{21}, \dots, z_{n1}\}, \min\{z_{12}, z_{22}, \dots, z_{n2}\}, \min\{z_{13}, z_{23}, \dots, z_{n3}\})$;
calculating the Euclidean distance $D_i^+$ between the normalized elements of the i-th user and the maximum $Z^+$, and the Euclidean distance $D_i^-$ to the minimum $Z^-$, with a corresponding weight $\alpha_i$ assigned to the different user behavior data; the Euclidean distances are calculated as:
,
。
In another preferred case of this embodiment, the user behavior score is calculated as follows:
initial behavior scoring for the ith userNormalizing the initial behavior scores to generate final behavior scores Fin, and then adding the final behavior score of the ith user>。
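An added example, not code from the patent, of the scoring step: distances from each user's normalized row to the column maxima Z+ and minima Z-, turned into a score. The formulas themselves are missing from this page, so the code assumes a TOPSIS-style form (column-wise min-max normalization, weighted Euclidean distances with one weight per behavior column, initial score D-/(D+ + D-), final scores scaled to sum to 1); the function names, weights and sample rows are constructed for illustration.

```python
import math


def min_max_normalize(matrix):
    """Column-wise scaling to [0, 1] (assumed form of the normalization)."""
    cols = list(zip(*matrix))
    lo = [min(c) for c in cols]
    hi = [max(c) for c in cols]
    return [
        # A constant column carries no information; map it to 0 instead of
        # dividing by zero.
        [(x - l) / (h - l) if h > l else 0.0 for x, l, h in zip(row, lo, hi)]
        for row in matrix
    ]


def weighted_distance(row, reference, weights):
    """Weighted Euclidean distance between a user's row and a reference point."""
    return math.sqrt(sum(w * (r - v) ** 2 for w, r, v in zip(weights, reference, row)))


def behavior_scores(matrix, weights):
    """Return one final score Fin per user (row), in input order."""
    z = min_max_normalize(matrix)
    cols = list(zip(*z))
    z_plus = [max(c) for c in cols]    # Z+: column maxima of the standardized matrix
    z_minus = [min(c) for c in cols]   # Z-: column minima of the standardized matrix

    initial = []
    for row in z:
        d_plus = weighted_distance(row, z_plus, weights)     # D_i^+
        d_minus = weighted_distance(row, z_minus, weights)   # D_i^-
        denom = d_plus + d_minus
        # Assumed initial score: relative closeness to Z+ (far from Z-).
        initial.append(d_minus / denom if denom else 0.0)

    total = sum(initial)
    # Assumed final normalization: scale the scores so they sum to 1.
    return [s / total if total else 0.0 for s in initial]


# Constructed sample rows: (total logins, total online minutes,
# average online minutes per login), the three behavior items the page lists.
SAMPLE_NAMES = ["alice", "bob", "bot"]
SAMPLE_MATRIX = [
    [40, 1200, 30],   # regular user, long sessions
    [5, 100, 20],     # occasional user
    [900, 900, 1],    # very many logins, one-minute sessions
]
WEIGHTS = [1 / 3, 1 / 3, 1 / 3]   # hypothetical equal weights

if __name__ == "__main__":
    for name, fin in zip(SAMPLE_NAMES, behavior_scores(SAMPLE_MATRIX, WEIGHTS)):
        print(f"{name:6s} Fin = {fin:.4f}")
```

Because the score is relative to the column extremes of the current user population, adding or removing one extreme account shifts every other user's Fin; recompute the matrix over a fixed window before comparing scores against a threshold.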
An abnormal login detection system for an intelligent medical platform comprises:
a data acquisition module, used for acquiring a plurality of behavior data items of each user after login to the platform, storing the behavior data in a behavior database, generating a behavior matrix for each user from the behavior database, normalizing the behavior matrix to generate a standardized matrix, and calculating a behavior score Fin for each user using the Euclidean distance;
a preliminary screening module, used for counting the behavior scores and registration durations of all users, calculating the ratio of each user's behavior score to the registration duration, screening out the users whose ratio is greater than a preset threshold, and marking them as pending users;
a secondary screening module, used for acquiring the number of medical fields accessed within the registration duration and the number of accesses to each medical field, obtaining the total number of accesses M, and marking the pending users whose total number of accesses is greater than a preset threshold as suspicious users;
a result output module, used for calculating, for suspicious users whose number of accessed medical fields is smaller than a preset threshold, the ratio of the total number of accesses to the registration duration, and judging the user to be an abnormal login user if the ratio is smaller than a preset threshold, and otherwise a normal login user; and, for suspicious users whose number of accessed medical fields is greater than a preset threshold, generating the access deviation value of the pending user, and judging the suspicious users whose deviation value is smaller than a preset threshold to be abnormal login users, and otherwise normal users.
The foregoing describes one embodiment of the present invention in detail, but the description is only a preferred embodiment of the present invention and should not be construed as limiting the scope of the invention. All equivalent changes and modifications within the scope of the present invention are intended to be covered by the present invention.
Claims (8)
1. The abnormal login detection method for the intelligent medical platform is characterized by comprising the following steps of:
acquiring a plurality of behavior data of a user after logging in a platform, storing the behavior data into a behavior database, generating a behavior matrix of each user according to the behavior database, normalizing the behavior matrix to generate a standardized matrix, and calculating a behavior score Fin of each user by using Euclidean distance;
counting the behavior scores and registration durations of all users, calculating the ratio of each user's behavior score to the registration duration, screening out the users whose ratio is greater than a preset threshold, and marking them as pending users;
acquiring the number of medical fields accessed within the registration duration and the number of accesses to each medical field, obtaining the total number of accesses M, and marking the pending users whose total number of accesses is greater than a preset threshold as suspicious users;
for suspicious users whose number of accessed medical fields is smaller than a preset threshold, calculating the ratio of the total number of accesses to the registration duration, and judging the user to be an abnormal login user if the ratio is smaller than a preset threshold, and otherwise a normal login user; for suspicious users whose number of accessed medical fields is greater than a preset threshold, generating the access deviation value of the pending user, and judging the suspicious users whose deviation value is smaller than a preset threshold to be abnormal login users, and otherwise normal users.
2. The method for detecting abnormal login of an intelligent medical platform according to claim 1, wherein the calculating process of the access deviation value is as follows:
denoting the number of medical fields visited by a suspicious user as L and the visit counts of the individual medical fields as M1, M2, …, ML, and obtaining the suspicious user's total visit count M; calculating the difference between each Ml and M/L to generate a difference sequence, calculating the variance of the difference sequence, and taking the product of the variance and the registration duration as the deviation value.
3. The method for detecting abnormal login of an intelligent medical platform according to claim 1, wherein the behavior data comprises total login times, total online time length and average online time length of each login.
4. The method for detecting abnormal login of an intelligent medical platform according to claim 1, wherein the registration duration is the difference between the current date and the registration date.
5. The method for detecting abnormal login of an intelligent medical platform according to claim 1, wherein the obtaining process of the standardized matrix comprises the following steps:
acquiring the total number n of users, and denoting the j-th behavior data item of the i-th user as $x_{ij}$, where i and j are positive integers, $i \le n$ and $j \le 3$;
normalizing the behavior matrix to generate a standardized matrix Z, wherein each normalized element $z_{ij}$ of Z corresponds one-to-one to a behavior data item; the relation between the normalized element $z_{ij}$ and the behavior data $x_{ij}$ is:
,
the normalization matrix Z is then:
。
6. The method for detecting abnormal login of an intelligent medical platform according to claim 5, wherein the Euclidean distance is calculated as follows:
defining the set of maxima of the standardized matrix as $Z^+ = (Z_1^+, Z_2^+, Z_3^+)$, where each element of $Z^+$ is the maximum of the corresponding column of the standardized matrix, i.e. $Z^+ = (\max\{z_{11}, z_{21}, \dots, z_{n1}\}, \max\{z_{12}, z_{22}, \dots, z_{n2}\}, \max\{z_{13}, z_{23}, \dots, z_{n3}\})$;
defining the set of minima of the standardized matrix as $Z^- = (Z_1^-, Z_2^-, Z_3^-)$, where each element of $Z^-$ is the minimum of the corresponding column of the standardized matrix, i.e. $Z^- = (\min\{z_{11}, z_{21}, \dots, z_{n1}\}, \min\{z_{12}, z_{22}, \dots, z_{n2}\}, \min\{z_{13}, z_{23}, \dots, z_{n3}\})$;
calculating the Euclidean distance $D_i^+$ between the normalized elements of the i-th user and the maximum $Z^+$, and the Euclidean distance $D_i^-$ to the minimum $Z^-$, with a corresponding weight $\alpha_i$ assigned to the different user behavior data; the Euclidean distances are calculated as:
,
。
7. The method for detecting abnormal login of an intelligent medical platform according to claim 6, wherein the user behavior score is calculated as follows:
initial behavior scoring for the ith userNormalizing the initial behavior scores to generate final behavior scores Fin, and then adding the final behavior score of the ith user>。
8. An abnormal login detection system for an intelligent medical platform, comprising:
a data acquisition module, used for acquiring a plurality of behavior data items of each user after login to the platform, storing the behavior data in a behavior database, generating a behavior matrix for each user from the behavior database, normalizing the behavior matrix to generate a standardized matrix, and calculating a behavior score Fin for each user using the Euclidean distance;
a preliminary screening module, used for counting the behavior scores and registration durations of all users, calculating the ratio of each user's behavior score to the registration duration, screening out the users whose ratio is greater than a preset threshold, and marking them as pending users;
a secondary screening module, used for acquiring the number of medical fields accessed within the registration duration and the number of accesses to each medical field, obtaining the total number of accesses M, and marking the pending users whose total number of accesses is greater than a preset threshold as suspicious users;
a result output module, used for calculating, for suspicious users whose number of accessed medical fields is smaller than a preset threshold, the ratio of the total number of accesses to the registration duration, and judging the user to be an abnormal login user if the ratio is smaller than a preset threshold, and otherwise a normal login user; and, for suspicious users whose number of accessed medical fields is greater than a preset threshold, generating the access deviation value of the pending user, and judging the suspicious users whose deviation value is smaller than a preset threshold to be abnormal login users, and otherwise normal users.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311576342.3A CN117294529B (en) | 2023-11-24 | 2023-11-24 | Abnormal login detection method and system for intelligent medical platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117294529A | 2023-12-26 |
CN117294529B | 2024-01-30 |
Family
ID=89258910
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311576342.3A Active CN117294529B (en) | 2023-11-24 | 2023-11-24 | Abnormal login detection method and system for intelligent medical platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117294529B (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104869155A (en) * | 2015-04-27 | 2015-08-26 | 腾讯科技(深圳)有限公司 | Data auditing method and device |
US20150281986A1 (en) * | 2012-09-25 | 2015-10-01 | Nec Corporation | Server device capable of analyzing communication behavior, control device, control method for mobile terminal, and computer readable medium |
US9479518B1 (en) * | 2014-06-18 | 2016-10-25 | Emc Corporation | Low false positive behavioral fraud detection |
JP2019046186A (en) * | 2017-09-01 | 2019-03-22 | ヤフー株式会社 | Access control device, access control method, and access control program |
CN111582997A (en) * | 2020-05-28 | 2020-08-25 | 广州蓝深科技有限公司 | Search system based on cloud electronic commerce active user analysis |
CN111783875A (en) * | 2020-06-29 | 2020-10-16 | 中国平安财产保险股份有限公司 | Abnormal user detection method, device, equipment and medium based on cluster analysis |
CN113486366A (en) * | 2021-06-08 | 2021-10-08 | 贵州电网有限责任公司 | Web illegal operation behavior detection method based on cluster analysis |
CN114238959A (en) * | 2021-12-15 | 2022-03-25 | 平安科技(深圳)有限公司 | User access behavior evaluation method and system based on zero-trust security system |
JP2023053847A (en) * | 2021-10-02 | 2023-04-13 | 広海 大谷 | Providing service using internet through business model patent and implemented patent of security |
CN117091237A (en) * | 2023-09-20 | 2023-11-21 | 株洲桓基电气股份有限公司 | Air conditioning equipment detection method and system for rail train |
-
2023
- 2023-11-24 CN CN202311576342.3A patent/CN117294529B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150281986A1 (en) * | 2012-09-25 | 2015-10-01 | Nec Corporation | Server device capable of analyzing communication behavior, control device, control method for mobile terminal, and computer readable medium |
US9479518B1 (en) * | 2014-06-18 | 2016-10-25 | Emc Corporation | Low false positive behavioral fraud detection |
CN104869155A (en) * | 2015-04-27 | 2015-08-26 | 腾讯科技(深圳)有限公司 | Data auditing method and device |
JP2019046186A (en) * | 2017-09-01 | 2019-03-22 | ヤフー株式会社 | Access control device, access control method, and access control program |
CN111582997A (en) * | 2020-05-28 | 2020-08-25 | 广州蓝深科技有限公司 | Search system based on cloud electronic commerce active user analysis |
CN111783875A (en) * | 2020-06-29 | 2020-10-16 | 中国平安财产保险股份有限公司 | Abnormal user detection method, device, equipment and medium based on cluster analysis |
CN113486366A (en) * | 2021-06-08 | 2021-10-08 | 贵州电网有限责任公司 | Web illegal operation behavior detection method based on cluster analysis |
JP2023053847A (en) * | 2021-10-02 | 2023-04-13 | 広海 大谷 | Providing service using internet through business model patent and implemented patent of security |
CN114238959A (en) * | 2021-12-15 | 2022-03-25 | 平安科技(深圳)有限公司 | User access behavior evaluation method and system based on zero-trust security system |
CN117091237A (en) * | 2023-09-20 | 2023-11-21 | 株洲桓基电气股份有限公司 | Air conditioning equipment detection method and system for rail train |
Non-Patent Citations (4)
Title |
---|
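伊华伟; 张付志: "Robust recommendation algorithm fusing k-distance and item category information", Journal of Chinese Computer Systems, no. 11 * |
彭显刚; 郑伟钦; 林利祥; 刘艺; 林幕群: "Electricity price execution inspection method based on density clustering and Fréchet discriminant analysis", Power System Technology, no. 11 * |
袁润; 王琦: "Construction and empirical study of a user portrait model for academic blogs: the case of ScienceNet blogs", Library and Information Service, no. 22 * |
郭斌: "Design and implementation of a SaaS platform access control system", China Master's Theses Full-text Database (Electronic Journal), Information Science and Technology, no. 09 * |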
Also Published As
Publication number | Publication date |
---|---|
CN117294529B (en) | 2024-01-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20200394661A1 (en) | Business action based fraud detection system and method | |
CN108681936B (en) | Fraud group identification method based on modularity and balanced label propagation | |
CN111783875B (en) | Abnormal user detection method, device, equipment and medium based on cluster analysis | |
CN105827594B (en) | A kind of dubiety detection method based on domain name readability and domain name mapping behavior | |
WO2017124942A1 (en) | Method and apparatus for abnormal access detection | |
Ali Alheeti et al. | Intelligent intrusion detection in external communication systems for autonomous vehicles | |
CN106067088A (en) | E-bank accesses detection method and the device of behavior | |
CN108989150A (en) | A kind of login method for detecting abnormality and device | |
CN106209862A (en) | A kind of steal-number defence implementation method and device | |
CN103428189A (en) | Method, apparatus and system for identifying malicious network equipment | |
CN101841435A (en) | Method, apparatus and system for detecting abnormality of DNS (domain name system) query flow | |
CN101547445B (en) | System and method for detecting abnormal incursion based on mobility in mobile communication network | |
US20070233643A1 (en) | Apparatus and method for protecting access to phishing site | |
CN107070876A (en) | Method, equipment and system | |
CN111460441A (en) | Network intrusion detection method based on batch normalization convolutional neural network | |
CN108595655A (en) | A kind of abnormal user detection method of dialogue-based characteristic similarity fuzzy clustering | |
CN110188015B (en) | Host access relation abnormal behavior self-adaptive detection device and monitoring method thereof | |
CN110768946A (en) | Industrial control network intrusion detection system and method based on bloom filter | |
CN106951776A (en) | A kind of Host Anomaly Detection method and system | |
CN115270996A (en) | DGA domain name detection method, detection device and computer storage medium | |
CN117478433B (en) | Network and information security dynamic early warning system | |
CN114125848A (en) | Safety protection method and system for power mobile internet service | |
US11516240B2 (en) | Detection of anomalies associated with fraudulent access to a service platform | |
CN117294529B (en) | Abnormal login detection method and system for intelligent medical platform | |
CN116644825B (en) | Big data-based outpatient information inquiry reservation management system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |